Electronic Frontier Foundation

Judge Wipes Out Safe Harbor Provision In DMCA, Makes Cox Accomplice of Piracy (arstechnica.com) 209

SysKoll writes: The DMCA is well-known for giving exorbitant powers to copyright holders, such as taking down a page or a whole web site without a court order. Media companies buy services from vendors like Rightscorp, a shake-down outfit that issues thousands of robot-generated take-down notices and issues threats against ISPs and sites ignoring them. Cox, like a lot of ISPs, is inundated with abusive take-down notices, in particular from Rightscorp. Now, BMG Rights Management and Round Hill Music are suing Cox for refusing to shut off the Internet access of subscribers that Rightscorp accused of downloading music via BitTorrent. Cox argues that as an ISP, they benefit from the Safe Harbor provision that shields access providers from subscribers' misbehavior. Not so, says U.S. District Judge Liam O'Grady. The judge sided with the media companies ahead of trial, saying Cox should have terminated the repeat offenders accused by Rightscorp. Cox's response is quite entertaining for a legal document (PDF): its description of Rightscorp includes the terms "shady," "shake-down," and "pay no attention to the facts." O'Grady also derided the Electronic Frontier Foundation's attempt to file an amicus brief supporting Cox, calling them hysterical crybabies.

High Level Coding Language Used To Create New POS Malware (isightpartners.com) 90

An anonymous reader writes: A new malware framework called ModPOS is reported to pose a threat to U.S. retailers, and has some of the highest-quality coding work ever put into an ill-intentioned software of this nature. Security researchers iSight say of the ModPOS platform that it is 'much more complex than average malware'. The researchers believe that the binary output they have been studying for three years was written in a high-level language such as C, and that the software took 'a significant amount of time and resources to create and debug'.

Microsoft Blames Layoffs For Drop In Female Employees (cio.com) 171

itwbennett writes: This year, women made up 26.8 percent of Microsoft's total workforce, down from 29 percent in 2014, the company reported Monday. In a blog post discussing the numbers, Gwen Houston, Microsoft's general manager of diversity and inclusion, pointed the finger at the thousands of layoffs the company made to restructure its phone hardware business: 'The workforce reductions resulting from the restructure of our phone hardware business ... impacted factory and production facilities outside the U.S. that produce handsets and hardware, and a higher percentage of those jobs were held by women,' she said.

Second Root Cert-Private Key Pair Found On Dell Computer (threatpost.com) 65

msm1267 writes: A second root certificate and private key, similar to eDellRoot [mentioned here yesterday], along with an expired Atheros Authenticode cert and private key used to sign Bluetooth drivers has been found on a Dell Inspiron laptop. The impact of these two certs is limited compared to the original eDellRoot cert. The related eDellRoot cert is also self-signed but has a different fingerprint than the first one. It has been found only on two dozen machines according to the results of a scan conducted by researchers at Duo Security. Dell, meanwhile, late on Monday said that it was going to remove the eDellRoot certificate from all Dell systems moving forward, and for existing affected customers, it has provided permanent removal instructions (.DOCX download), and starting today will push a software update that checks for the eDellRoot cert and removes it. The second certificate / key pair was found by researchers at Duo Security.

Blue Origin "New Shepard" Makes It To Space... and Back Again (arstechnica.com) 117

Geoffrey.landis writes: Blue Origin's "New Shepard" suborbital vehicle made its first flight into space (defined as 100 km altitude)... and successfully landed both the capsule (by parachute) and the booster rocket (vertical landing under rocket power). This is the first time that a vehicle has made it into space and had all components fully recovered for reuse since the NASA flights of the X-15 in the 1960s. Check out the videos at various places on the web.

Pearson Credential Manager System Used By Cisco, IBM, F5 Has Been Breached 25

An anonymous reader writes with a report from Help Net Security that the credential management system used by Pearson VUE (part of education company and publisher Pearson) has been breached "by an unauthorized third party with the help of malware." Pearson VUE specializes in computer-based assessment testing for regulatory and certification boards. From the story: Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs. The company is still assessing the scope of the breach, and says that they do not think that US Social Security numbers or full payment card information were compromised. But because the PMC is custom designed to fit specific customer requirements, they are still looking into how this incident affected each of their customers. According to a note on Pearson's site, the system remains down for the time being.
The Military

Turkey Downs Allegedly Intruding Russian Fighter Near Syria Border (reuters.com) 528

jones_supa writes: Turkish fighter jets shot down a Russian Sukhoi SU-24 fighter near the Syrian border on Tuesday after repeated warnings over airspace violations. Moscow said it could prove the jet had not left Syrian air space. Footage from private Turkish broadcaster Haberturk TV showed the warplane going down in flames in a woodland area. Separate footage from Turkey's Anadolu Agency showed two pilots parachuting out of the jet before it crashed. A Syrian rebel group sent a video to Reuters that appeared to show one of the pilots immobile and badly wounded on the ground and an official from the group said he was dead. This is the first time a NATO member's armed forces have downed a Russian military aircraft since the 1950s. The Guardian is following the developments with live updates. Also covered by the BBC, which notes Russian aircraft have flown hundreds of sorties over northern Syria since September. Moscow says they have targeted only "terrorists", but activists say its strikes have mainly hit Western-backed rebel groups. Turkey, a vehement opponent of Syria's president, has warned against violations of its airspace by Russian and Syrian aircraft. Last month, Ankara said Turkish F-16s had intercepted a Russian jet that crossed its border and two Turkish jets had been harassed by an unidentified Mig-29.

Comcast Xfinity Wi-Fi Discloses Customer Names and Addresses (csoonline.com) 47

itwbennett writes: Despite assurances that only business listings and not customer names and home addresses would appear in the public search results when someone searches for an Xfinity Wi-Fi hotspot, that is exactly what's happened when the service was initiated 2 years ago — and is still happening now, writes CSO's Steve Ragan. And that isn't the only security issue with the service. Another level of exposure centers on accountability. Ken Smith, senior security architect with K Logix in Brookline, Ma., discovered that Comcast is relying on the device's MAC address as a key component of authentication.

Ex-CIA Director Says Snowden Should Be 'Hanged' For Paris Attacks (thehill.com) 484

SonicSpike writes with this excerpt from The Hill: A former CIA director says leaker Edward Snowden should be convicted of treason and given the death penalty in the wake of the terrorist attack on Paris. "It's still a capital crime, and I would give him the death sentence, and I would prefer to see him hanged by the neck until he's dead, rather than merely electrocuted," James Woolsey told CNN's Brooke Baldwin on Thursday. Woolsey said Snowden, who divulged classified information in 2013, is partly responsible for the terrorist attack in France last week that left at least 120 dead and hundreds injured. "I think the blood of a lot of these French young people is on his hands," he said.

600,000 Arris Cable Modems Have 'Backdoors In Backdoors,' Researcher Claims (thestack.com) 76

An anonymous reader writes: A security researcher using Shodan to probe Arris cable modems for vulnerabilities has found that 600,000 of the company's modems not only have a backdoor, but that the backdoor itself has an extra backdoor. Brazilian vulnerability tester Bernardo Rodrigues posted that he found undocumented libraries in three models, initially leading to a backdoor that uses an admin password disclosed back in 2009. Brazilian researcher Bernardo Rodrigues notes that the secondary backdoor has a password derived in part from the final five digits from the modem's serial number. However, the default 'root' password for the affected models remains 'arris.'

Donald Trump Obliquely Backs a Federal Database To Track Muslims 574

HughPickens.com writes: Philip Bump reports at the Washington Post that Donald Trump confirmed to NBC on Thursday evening that he supports a database to track Muslims in the United States. The database of Muslims arose after an interview Yahoo News's Hunter Walker conducted with Trump earlier this week, during which he asked the Republican front-runner to weigh in on the current debate over refugees from Syria. "We're going to have to do things that we never did before," Trump told Walker. "Some people are going to be upset about it, but I think that now everybody is feeling that security is going to rule." When pressed on whether these measures might include tracking Muslim Americans in a database or noting their religious affiliations on identification cards, Trump would not go into detail — but did not reject the options. Trump's reply? "We're going to have to — we're going to have to look at a lot of things very closely," he said. "We're going to have to look at the mosques. We're going to have to look very, very carefully." After an event in Newton, Iowa, on Thursday night, NBC's Vaughn Hillyard pressed the point. "Should there be a database system that tracks Muslims here in this country?" Hillyard asked. "There should be a lot of systems, beyond databases," Trump said. "We should have a lot of systems." Hillyard asked about implementation, including the process of adding people to the system. "Good management procedures," Trump said. Sign people up at mosques, Hillyard asked? "Different places," Trump replied. "You sign them up at different places. But it's all about management."

Happy 30th Birthday, Windows! 248

v3rgEz writes: And what a ride it's been. Today marks the 30th anniversary since the debut of Windows 1.01, the first commercial release of Windows. At the time, it was derided as being slow, buggy, and clunky, but since then ... Well, it looks a lot better. The Verge has a pictorial history of Windows through the years. What's your fondest memory of Bill Gates Blue Screen-of-death that could?
The Media

Reuters Bans RAW Photo Format (petapixel.com) 206

grcumb writes: Reuters is the latest agency to join the ranks of the technically clueless who think that ethical problems can be solved using technical means. They recently issued a circular to their contributors, stating in part: "In future, please don't send photos to Reuters that were processed from RAW or CR2 files. If you want to shoot raw images that's fine, just take JPEGs at the same time. Only send us the photos that were originally JPEGs, with minimal processing...." The problem they claim to be addressing is doctored images, but they don't explain how they plan to ensure that the JPEGs weren't simply exported from RAW files with their EXIF data altered, or heck, just altered as JPEG. They also assert that getting JPEG files straight from the camera is quicker, which is fair enough. Lots of professionals shoot with RAW+JPEG at newsworthy events. They can send the JPEGs off quickly to meet the first deadline, then process the RAW files at leisure for higher quality publications.
Input Devices

Silent Ear and Tongue-Tracking Tech Can Control Wearables (thestack.com) 10

An anonymous reader writes: Scientists at Georgia Tech are developing silent speech systems that can enable fast and hands-free communication with wearable devices, controlled by the user's tongue and ears. As seen with open source project Eyedrivomatic, the researchers want to apply the technology to provide a device control solution for people who are disabled. They suggest it could also be used by those working in a loud environment in need of a quiet way to communicate with their wearable devices. The prototype involves a combination of tongue control with earphone-like pieces each installed with proximity sensors to map the changing shape of the ear canal. Every word manipulates the canal in a different way, allowing for accurate recognition.

YouTube Defending Select Videos Against DMCA Abuse 56

Galaga88 writes: It's not a complete solution, but YouTube is going to begin stepping up to defend select videos in court on fair use terms, including covering court costs. Will this help stem the tide of bad DMCA takedown requests, or just help the select few YouTube doesn't want to lose? From the blog post linked: We are offering legal support to a handful of videos that we believe represent clear fair uses which have been subject to DMCA takedowns. With approval of the video creators, we’ll keep the videos live on YouTube in the U.S., feature them in the YouTube Copyright Center as strong examples of fair use, and cover the cost of any copyright lawsuits brought against them. ... In addition to protecting the individual creator, this program could, over time, create a “demo reel” that will help the YouTube community and copyright owners alike better understand what fair use looks like online and develop best practices as a community.
